RE: security and cygwin

["Koskie, Sarah" <skoskie at iupui dot edu>]

Actually, Reini, I didn't say that I didn't know what a daemon was, I
said that I didn't know how to find out which ones were running (without
additional research, which, has thus far been fruitless).  If I type ps
-fA on my linux box at home, I get a list of all the running processes,
even when I am not logged in as root.  When I type ps -fA in cygwin, I
do not get a complete list -- just my shell and the ps command.  Of
course this brings up the question of who, exactly is root under cygwin,
but a check of /etc/passwd seems to indicate that there isn't one.  I
gather that if SYSTEM or Administrators wanted to take on the role,
they'd be able to do it.

As far as I can see from what you wrote, the real issue is that windows
is unsafe.  I don't use Explorer, and if there is an intruder on my
machine, I already have a problem, independent of what they can do using
cygwin services.  The question is whether someone can use cygwin to
intrude.

I guess I don't see why anyone would install cygwin rather than linux
unless they were stuck in a networked windows environment as I am, so I
would assume that it would be designed to work reasonably in such an
environment.  Only I and computer services have accounts on the machine.
I have to trust computer services, and if they screw up, they can't
blame me, so the only issue here is what I personally have to do to make
sure I do not introduce extra security risks into the system.  (Wish the
documentation addressed XP Pro rather than just NT.)    


> -----Original Message-----
> From: Reini Urban [mailto:rurban@x-ray.at]
> Sent: Monday, September 20, 2004 12:13 PM
> To: Koskie, Sarah
> Cc: Cygwin List
> Subject: Re: security and cygwin
> 
> Koskie, Sarah schrieb:
> >>>Are there any other security related issues I should know about?  I
> >>>have to assume that cygwin as installed is safe until I have time
to
> look
> >>>into it, so I am hoping that my faith is not misplaced.
> >>
> >>See the FAQ entry:
> >>
> >>How secure is Cygwin in a multi-user environment?
> >><http://cygwin.com/faq/faq_toc.html#TOC78>
> >
> > Thanks, but that does not answer my question.  I do not know what
> > daemons are running.
> 
> It does answer it.
> If you don't know this, you are completely unsafe.
> 
> > I did not start any.  I assume some are started in
> > the installation process but I don't know how to find out which they
> > are.  I just searched the FAQs for any other mention of "daemon" and
> > found none.  I have also checked the User's guide but it does not
seem
> > to contain any relevant info that I can see.  There should never be
any
> > users logged in remotely to my cygwin and if there is something I
have
> > to do to enforce that, that's part of what I want to know.  I should
> > also be the only one using sftp, ssh, etc. With the previous version
of
> > cygwin, I was able to sftp and ssh from cygwin to other machines but
not
> > from other machines to  my desktop computer.  I hope that is still
the
> > case.  I'll check it eventually, but as mentioned, I have a
> > more-than-full time job as other than an UNIX programmer or system
> > administrator and I cannot just stop and spend a month setting up
> > cygwin.  In the past I didn't have to.  The lack of relevant
> > documentation and the complexity of the current setup and install
> > process are extremely frustrating.
> 
> Trust the FAQ: It's unsafe.
> Esp. when you don't know what a daemon is. Just believe it.
> 
> A daemon is a long-running "satanic" background process.
> See your Task Manager on the Process Tab.
> 
> One of the daemons you don't see is for example called "Explorer" (the
> windows desktop). This is one of the worst security holes on windows,
> regardless of cygwin.
> 
> sftp, sshd, cygserver, cron and all other cygwin services are also
> daemons, which share global data via cygwin1.dll. If you are running
> them as user, a possible intruder can gain permissions of this user.
> If you run cygwin programs as service the intruder might gain
> permissions of the SYSTEM user.
> --
> Reini Urban
> 



--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/